Actions
Bug #56639
closedcephadm: cephadm.log logrotate fails if /var/log/ceph is writable by non-root group
% Done:
0%
Source:
Tags:
backport_processed
Backport:
quincy, pacific
Regression:
No
Severity:
3 - minor
Reviewed:
Description
if the /var/log/ceph dir is owned by a group other than root and that group has write access, rotating the cephadm.log will fail with
error: skipping "/var/log/ceph/cephadm.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
This is an issue because when installing the ceph-common package, it seems to create /var/log/ceph with owner/group ceph/ceph and write permissions for the group. This means a user who uses the cephadm preflight playbook (which installs ceph-common on the hosts) before running any cephadm commands (since cephadm will create the dir with owner/group root/root) will not be able to rotate this log.
Updated by Adam King over 1 year ago
- Status changed from In Progress to Pending Backport
Updated by Backport Bot over 1 year ago
- Copied to Backport #56739: pacific: cephadm: cephadm.log logrotate fails if /var/log/ceph is writable by non-root group added
Updated by Backport Bot over 1 year ago
- Copied to Backport #56740: quincy: cephadm: cephadm.log logrotate fails if /var/log/ceph is writable by non-root group added
Updated by Adam King over 1 year ago
- Status changed from Pending Backport to Resolved
Actions